Oops. draft-davidben-tls-batch-signing-00 cites draft-davidben-http2-tls13-00. That should be draft-davidben-tls13-pkcs1-00. (The XML file took a really long time to be created, so I manually tried to recreate it based on another file and forgot to update one of the fields.) I'll fix this in -01.
On Mon, Jul 29, 2019 at 8:15 PM David Benjamin <david...@chromium.org> wrote:
> Hi all,
>
> I’ve just uploaded a pair of drafts relating to signatures in TLS 1.3.
> https://tools.ietf.org/html/draft-davidben-tls13-pkcs1-00
> https://tools.ietf.org/html/draft-davidben-tls-batch-signing-00
>
> The first introduces optional legacy codepoints for PKCS#1 v1.5 signatures
> with client certificates. This is unfortunate, but I think we should do it.
> On the Chrome side, we’ve encountered some headaches with the TLS 1.3 PSS
> requirement which are unique to client certificates. The document describes
> the motivations in detail.
>
> The second describes a batch signing mechanism for TLS using Merkle trees.
> It allows TLS clients and servers to better handle signing load. I think it
> could be beneficial for a number of DoS and remote key scenarios.
>
> Thoughts?
>
> David
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls